Add new requirement sections 1 and 2 to report
parent
cbd9dead37
commit
8425644886
4 changed files with 49 additions and 5 deletions
|
|
@ -144,6 +144,8 @@ func writeReport(report *Report, opts *options) error {
|
|||
// It returns an array of the reporter interface type.
|
||||
func buildReporters() []reporter {
|
||||
return []reporter{
|
||||
&validReporter{baseReporter{num: 1, description: "Valid CSAF documents"}},
|
||||
&filenameReporter{baseReporter{num: 2, description: "Filename"}},
|
||||
&tlsReporter{baseReporter{num: 3, description: "TLS"}},
|
||||
&redirectsReporter{baseReporter{num: 6, description: "Redirects"}},
|
||||
&providerMetadataReport{baseReporter{num: 7, description: "provider-metadata.json"}},
|
||||
|
|
|
|||
|
|
@ -53,6 +53,8 @@ type processor struct {
|
|||
pmd any
|
||||
keys []*crypto.KeyRing
|
||||
|
||||
invalidAdvisories topicMessages
|
||||
badFilenames topicMessages
|
||||
badIntegrities topicMessages
|
||||
badPGPs topicMessages
|
||||
badSignatures topicMessages
|
||||
|
|
@ -203,6 +205,8 @@ func (p *processor) clean() {
|
|||
p.pmd = nil
|
||||
p.keys = nil
|
||||
|
||||
p.invalidAdvisories.reset()
|
||||
p.badFilenames.reset()
|
||||
p.badIntegrities.reset()
|
||||
p.badPGPs.reset()
|
||||
p.badSignatures.reset()
|
||||
|
|
@ -441,6 +445,12 @@ func (p *processor) integrity(
|
|||
}
|
||||
p.checkTLS(u)
|
||||
|
||||
// Check if the filename is confirming.
|
||||
p.badFilenames.use()
|
||||
if !util.ConfirmingFileName(filepath.Base(u)) {
|
||||
p.badFilenames.error("%s has not a confirming filename.", u)
|
||||
}
|
||||
|
||||
var folderYear *int
|
||||
|
||||
if m := yearFromURL.FindStringSubmatch(u); m != nil {
|
||||
|
|
@ -490,22 +500,24 @@ func (p *processor) integrity(
|
|||
continue
|
||||
}
|
||||
|
||||
p.invalidAdvisories.use()
|
||||
|
||||
// Validate against JSON schema.
|
||||
errors, err := csaf.ValidateCSAF(doc)
|
||||
if err != nil {
|
||||
lg(ErrorType, "Failed to validate %s: %v", u, err)
|
||||
p.invalidAdvisories.error("Failed to validate %s: %v", u, err)
|
||||
continue
|
||||
}
|
||||
if len(errors) > 0 {
|
||||
lg(ErrorType, "CSAF file %s has %d validation errors.", u, len(errors))
|
||||
p.invalidAdvisories.error("CSAF file %s has %d validation errors.", u, len(errors))
|
||||
}
|
||||
|
||||
// Validate against remote validator.
|
||||
if p.validator != nil {
|
||||
if ok, err := p.validator.Validate(doc); err != nil {
|
||||
lg(ErrorType, "Calling remote validator on %s failed: %v", u, err)
|
||||
p.invalidAdvisories.error("Calling remote validator on %s failed: %v", u, err)
|
||||
} else if !ok {
|
||||
lg(ErrorType, "Remote validation of %s failed.", u)
|
||||
p.invalidAdvisories.error("Remote validation of %s failed.", u)
|
||||
}
|
||||
}
|
||||
|
||||
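Review bot: `p.invalidAdvisories.use()` in the validation hunk runs only after the `continue` that closes the preceding branch, so an advisory skipped there never marks requirement 1 as checked, and a feed where every advisory is skipped would presumably end up with the informational "No validations performed" instead of an error. That branch lies outside the hunk, so this is inferred; if it handles a failed download or JSON decode, move `p.invalidAdvisories.use()` above it and record the failure with `p.invalidAdvisories.error(...)`. The schema branch also reports only `len(errors)`, which leaves the report reader without the failing rules; appending each entry of `errors` as its own message would make the finding actionable. In the filename hunk the wording should be "conforming": `p.badFilenames.error("%s does not have a conforming filename.", u)`. integrity() starts and ends outside both hunks.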
|
|
|
|||
|
|
@ -73,6 +73,11 @@ func (r *Requirement) HasErrors() bool {
|
|||
return false
|
||||
}
|
||||
|
||||
// Append appends messages to requirement.
|
||||
func (r *Requirement) Append(msgs []Message) {
|
||||
r.Messages = append(r.Messages, msgs...)
|
||||
}
|
||||
|
||||
// HasErrors tells if this domain has errors.
|
||||
func (d *Domain) HasErrors() bool {
|
||||
for _, r := range d.Requirements {
|
||||
|
|
|
|||
|
|
@ -19,6 +19,8 @@ type (
|
|||
num int
|
||||
description string
|
||||
}
|
||||
validReporter struct{ baseReporter }
|
||||
filenameReporter struct{ baseReporter }
|
||||
tlsReporter struct{ baseReporter }
|
||||
redirectsReporter struct{ baseReporter }
|
||||
providerMetadataReport struct{ baseReporter }
|
||||
|
|
@ -43,6 +45,29 @@ func (bc *baseReporter) requirement(domain *Domain) *Requirement {
|
|||
return req
|
||||
}
|
||||
|
||||
// report reports if there where any invalid filenames,
|
||||
func (r *validReporter) report(p *processor, domain *Domain) {
|
||||
req := r.requirement(domain)
|
||||
if p.validator == nil {
|
||||
req.message(InfoType, "No remote validator configured")
|
||||
}
|
||||
if !p.invalidAdvisories.used() {
|
||||
req.message(InfoType, "No validations performed")
|
||||
} else {
|
||||
req.Append(p.invalidAdvisories)
|
||||
}
|
||||
}
|
||||
|
||||
// report reposrts if there where any bad filename.
|
||||
func (r *filenameReporter) report(p *processor, domain *Domain) {
|
||||
req := r.requirement(domain)
|
||||
if !p.badFilenames.used() {
|
||||
req.message(InfoType, "No filenames checked for conformance")
|
||||
} else {
|
||||
req.Append(p.badFilenames)
|
||||
}
|
||||
}
|
||||
|
||||
// report tests if the URLs are HTTPS and sets the "message" field value
|
||||
// of the "Requirement" struct as a result of that.
|
||||
// A list of non HTTPS URLs is included in the value of the "message" field.
|
||||
|
|
@ -142,7 +167,7 @@ func (r *securityReporter) report(p *processor, domain *Domain) {
|
|||
req.Messages = p.badSecurity
|
||||
}
|
||||
|
||||
//report tests the availability of the "provider-metadata.json" under /.well-known/csaf/ directoy.
|
||||
// report tests the availability of the "provider-metadata.json" under /.well-known/csaf/ directoy.
|
||||
func (r *wellknownMetadataReporter) report(p *processor, domain *Domain) {
|
||||
req := r.requirement(domain)
|
||||
if !p.badWellknownMetadata.used() {
|
||||
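Review bot: The doc comment on `validReporter.report` was copied from the filename check and ends in a comma: it says "invalid filenames" while the method reports `p.invalidAdvisories`; suggest `// report reports whether any advisory failed schema or remote validation.`. The comment on `filenameReporter.report` has typos ("reposrts", "where"); suggest `// report reports whether any advisory has a non-conforming filename.`. Both methods also appear to leave the requirement without any message when the check ran and found nothing, since `req.Append` of an empty list adds nothing; whether the report renders that as a pass is not visible here, so a comment stating that intent would help.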
|
|
|
|||